Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Included a download link for a helm chart offline manual download

ThreadFix Version Release Notes

For REST API updates, refer to the Change Log

3.1.0

October 2021

Key Updates

  • Fundamental and holistic rebuild of the ThreadFix architecture and deployment environment (please see the new environment requirements). To install a helm chart offline see the manual helm download.

  • Full rewrite of our scan ingestion and processing logic to provide over 60x reduction in raw scan data processing speed

  • Introduction of Remote Provider UI display cards and associated API

  • Remote provider import and scan ingestion statuses display on the Scan Queue page

  • Updates to the Scan Import Queue’s UI tooltips

  • Update to add a new Queue Management permissions level

New/Updated API

  • New GET ThreadFix application assets by import request ID API

  • New GET Remote Provider Import Requests API

  • New Pending Scan Status API

  • New Scan Queue Management report view API

  • Update to Remote Provider Import Request API

General Improvements

  • Improvements to user login session management

  • Leveraged new architecture to implement self-recovery for scan ingestion

  • Improvements to Manual Vulnerability Actions

  • Security improvements

  • Bug fixes


Feature Changes

Note the following changes to features with the introduction of ThreadFix 3.1:

Deprecated and Removed

  • Support has been ended for the SSVL Converter

  • Bi-directional capability for Checkmarx and AppSpider has been removed

  • Service Delivery/Service Request feature set is no longer supported

  • Removed the Import All Vulnerabilities remote provider option

  • Saved scan files on the file system will not be migrated to 3.1 (NOTE: this only impacts the raw scan files. All vulnerability data is fully retained and migrated)

  • SonarQube Plugin removed from the Tools section.  Remote Provider integration still behaves as before.

Limitations, Scheduled for Enhancement Post 3.1

  • Limit of 3000 vulnerabilities when exporting Vulnerability Search data to a .csv file.

  • Remediation filters do not update automatically in 3.1, they will update with a defect status call sync. This feature is planned to be reintroduced. (NOTE: this may impact created policies based on these filters)

Absent, Scheduled for Re-introduction Post 3.1 

  • The Disable Vulnerability Merging option when creating a new application has been removed, this feature is planned to be reintroduced

  • Scan File Retention feature has been removed, this feature is planned to be reintroduced

  • The Vulnerability Close Settings option, allowing users to close vulnerabilities only when all scanners report them closed, has been removed, but is planned to be reintroduced

  • The Scan Agent tool API endpoints have not been migrated, this feature is planned to be reintroduced

  • The ability to cancel queued scans has been removed, this feature is planned to be reintroduced in the future

  • Time to Remediate Date policy creation has been disabled, this feature will be reinstated

  • Dashboard and Analytics page report caching time configuration has been disabled with plans to be re-enabled

  • The Global FPR Filter Set API REST calls have been removed, with plans to be reintroduced

Table of Contents

Table of Contents